bugs

composer.json

@@ -8,7 +8,7 @@
         "Api"
     ],
     "homepage": "https://github.com/star7th/showdoc",
-    "version": "v3.0.1",
+    "version": "v3.0.2",
     "license": "Apache-2.0",
     "authors": [
         {

server/Application/Api/Controller/PageController.class.php

@@ -78,7 +78,7 @@ public function save()
         $is_urlencode = I("is_urlencode/d") ? I("is_urlencode/d") : 0; //页面内容是否经过了转义
         $page_title = I("page_title") ? I("page_title") : L("default_title");
         $page_comments = I("page_comments") ? I("page_comments") : '';
-        $page_content = I("post.page_content", "", ""); // 不进行htmlspecialchars过滤
+        $page_content = I("post.page_content", "", ""); // 不进行htmlspecialchars过滤，后面再手工过滤
         $cat_id = I("cat_id/d") ? I("cat_id/d") : 0;
         $item_id = I("item_id/d") ? I("item_id/d") : 0;
         $s_number = I("s_number/d") ? I("s_number/d") : '';
@@ -87,17 +87,23 @@ public function save()
 
 
         $login_user = $this->checkLogin();
-        if (!$this->checkItemEdit($login_user['uid'], $item_id)) {
-            $this->sendError(10103);
-            return;
-        }
+
         if (!$page_content) {
             $this->sendError(10103, "不允许保存空内容，请随便写点什么");
             return;
         }
         if ($is_urlencode) {
             $page_content = urldecode($page_content);
         }
+        // htmlspecialchars过滤
+        $page_content = htmlspecialchars($page_content);
+
+        if (!$this->checkItemEdit($login_user['uid'], $item_id)) {
+            $this->sendError(10103);
+            return;
+        }
+        $data = array();
+
         $data['page_title'] = $page_title;
         $data['page_content'] = $page_content;
         $data['page_comments'] = $page_comments;

web/index.html

@@ -9,4 +9,4 @@
           '../server/index.php?s=',
         // "lang" :'en'
         lang: 'zh-cn'
-      }</script><link href=./static/css/app.fdb50b5be4b0f0f167ceb024d249c5b9.css rel=stylesheet></head><body class=grey-bg><div id=app></div><script type=text/javascript src=./static/js/manifest.3ad1d5771e9b13dbdad2.js></script><script type=text/javascript src=./static/js/vendor.339f5a1f86786a88b9d4.js></script><script type=text/javascript src=./static/js/app.6b1172074bcaa9d868ac.js></script></body></html>
+      }</script><link href=./static/css/app.a1000bc4907ba585d75f10ae403cbb50.css rel=stylesheet></head><body class=grey-bg><div id=app></div><script type=text/javascript src=./static/js/manifest.3ad1d5771e9b13dbdad2.js></script><script type=text/javascript src=./static/js/vendor.339f5a1f86786a88b9d4.js></script><script type=text/javascript src=./static/js/app.bab3e77472e0d881d5dd.js></script></body></html>

web_src/src/components/item/show/show_table_item/Index.vue

@@ -62,6 +62,7 @@
 <script>
 import Header from '../Header'
 import HeaderRight from './HeaderRight'
+import { unescapeHTML } from '@/models/page'
 if (typeof window !== 'undefined') {
   var $s = require('scriptjs')
 }
@@ -98,19 +99,6 @@ export default {
         if (response.data.page_content) {
           let objData
           try {
-            // 先定义一个html反转义的函数
-            const unescapeHTML = str =>
-              str.replace(
-                /&amp;|&lt;|&gt;|&#39;|&quot;/g,
-                tag =>
-                  ({
-                    '&amp;': '&',
-                    '&lt;': '<',
-                    '&gt;': '>',
-                    '&#39;': "'",
-                    '&quot;': '"'
-                  }[tag] || tag)
-              )
             objData = JSON.parse(unescapeHTML(response.data.page_content))
           } catch (error) {
             objData = {}